Certain types of asymmetric key certificate verification operations depend on a support service that either distributes a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP) to provide certificate revocation status to a verifier, otherwise the verifier cannot determine whether the certificate has been revoked. Use of certificates with Internet of Things (IoT) devices presents additional challenges due to the constrained environments of many IoT devices. If the CRL is large, there may not be enough storage resource to store the CRL. Consequently, the verifying device is unable to complete path validation, resulting in an inability for the IoT application to function. If instead, the IoT device relies on OCS checking, the verifying device needs to open a connection to the issuing certificate authority (CA). However, network access may not be possible in some circumstances where the requesting device and serving device are in a constrained networking environment (e.g., intermittently connected to an outside network).